Systems and methods for encrypting parameters of a large language model
Abstract
A system receives a training dataset for the LLM that includes confidential data, wherein the LLM comprises preset parameters. The system trains the LLM using the training dataset, including: identifying one or more parameters changed during the training, and encrypting the changed parameters. The system receives an input query for the LLM from a user. The system determines if the user has access rights to the confidential data. In response to determining that the user has the access rights to the confidential data, the system decrypts the encrypted changed parameters of the LLM, and performs an LLM inference using the decrypted changed parameters. In response to determining that the user does not have the access rights to the confidential data, the system performs the LLM inference with the preset parameters without decrypting the encrypted changed parameters.
Claims
exact text as granted — not AI-modified1 . A method for secure deployment of a Large Language Model (LLM), comprising:
receiving a training dataset for the LLM that includes confidential data, wherein the LLM comprises preset parameters; training the LLM using the training dataset, including: identifying one or more parameters changed during the training, and encrypting the changed parameters; receiving an input query for the LLM from a user; determining if the user has access rights to the confidential data; in response to determining that the user has the access rights to the confidential data, decrypting the encrypted changed parameters of the LLM, and performing an LLM inference using the decrypted changed parameters; and in response to determining that the user does not have the access rights to the confidential data, performing the LLM inference with the preset parameters without decrypting the encrypted changed parameters.
2 . The method of claim 1 , wherein encrypting the changed parameters includes encrypting at least one layer comprising the changed parameters.
3 . The method of claim 1 , wherein encrypting the changed parameters comprises encrypting a difference between a first state of the changed parameters prior to the training and a second state of the changed parameters after the training.
4 . The method of claim 3 , wherein performing the LLM inference using the decrypted changed parameters comprises decrypting the difference and applying the decrypted difference to the first state of the changed parameters to determine the second state of the changed parameters.
5 . The method of claim 3 , wherein the first state of the changed parameters is the preset parameters.
6 . The method of claim 3 , further comprising:
determining if a value of the difference between the changed parameters and prior parameters is less than a threshold amount, and in response to determining that the value of the difference is less than the threshold amount, reverting the changed parameters such that the changed parameters return to a state prior to the training with the training dataset, and not encrypting the changed parameters.
7 . The method of claim 1 , wherein the changed parameters comprise weights and/or biases.
8 . The method of claim 1 , wherein the LLM is a 1-bit large language model (LLM).
9 . The method of claim 1 , wherein the preset parameters are encrypted by a general encryption scheme.
10 . The method of claim 1 , wherein the user has the access rights to the confidential data when the user possesses a private encryption key for decrypting the encrypted parameters.
11 . The method of claim 10 , wherein a first output value without private information is generated by the LLM when a user input query for the LLM inference is not provided with the private encryption key, and a second output value comprising the private information is generated by the LLM when the user input query is provided with the private encryption key.
12 . The method of claim 11 , wherein the user is provided with one or more encryption keys based on a level of access to the confidential data such that all of the one or more encryption keys are needed to access all of the confidential data.
13 . The method of claim 1 , wherein associated parameters of each of one or more layers of the LLM is encrypted by a different encryption key.
14 . A system for secure deployment of a Large Language Model (LLM), comprising:
at least one memory; and at least one hardware processor coupled with the at least one memory and configured, individually or in combination, to:
receive a training dataset for the LLM that includes confidential data, wherein the LLM comprises preset parameters;
train the LLM using the training dataset, including: identifying one or more parameters changed during the training, and encrypting the changed parameters;
receive an input query for the LLM from a user;
determine if the user has access rights to the confidential data;
in response to determining that the user has the access rights to the confidential data, decrypt the encrypted changed parameters of the LLM, and perform an LLM inference using the decrypted changed parameters; and
in response to determining that the user does not have the access rights to the confidential data, perform the LLM inference with the preset parameters without decrypting the encrypted changed parameters.
15 . The system of claim 14 , wherein the at least one hardware processor is configured to encrypt the changed parameters by encrypting at least one layer comprising the changed parameters.
16 . The system of claim 14 , wherein the at least one hardware processor is configured to encrypt the changed parameters by encrypting a difference between a first state of the changed parameters prior to the training and a second state of the changed parameters after the training.
17 . The system of claim 16 , wherein the at least one hardware processor is configured to perform the LLM inference using the decrypted changed parameters by decrypting the difference and applying the decrypted difference to the first state of the changed parameters to determine the second state of the changed parameters.
18 . The system of claim 16 , wherein the first state of the changed parameters is the preset parameters.
19 . The system of claim 16 , wherein the at least one hardware processor is configured to:
determine if a value of the difference between the changed parameters and prior parameters is less than a threshold amount, and in response to determining that the value of the difference is less than the threshold amount, revert the changed parameters such that the changed parameters return to a state prior to the training with the training dataset, and not encrypt the changed parameters.
20 . A non-transitory computer readable medium storing thereon computer executable instructions for secure deployment of a Large Language Model (LLM), including instructions for:
receiving a training dataset for the LLM that includes confidential data, wherein the LLM comprises preset parameters; training the LLM using the training dataset, including: identifying one or more parameters changed during the training, and encrypting the changed parameters; receiving an input query for the LLM from a user; determining if the user has access rights to the confidential data; in response to determining that the user has the access rights to the confidential data, decrypting the encrypted changed parameters of the LLM, and performing an LLM inference using the decrypted changed parameters; and in response to determining that the user does not have the access rights to the confidential data, performing the LLM inference with the preset parameters without decrypting the encrypted changed parameters.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.